Scribd Logo
Upload

Welcome to Scribd!

  • 17 views

    Ubuntu Hacks: Virtual Virtual Devices: Encrypted RAID

    Uploaded by

    sexyhackerboy
    This document summarizes a presentation about using the Linux device mapper framework to create layered virtual devices. The device mapper allows arbitrary features like encryption to be added to block devices. It describes how to use the cryptsetup module to encrypt a RAID device, creating an encrypted virtual block device. The presentation recommends encrypting with dm-crypt rather than older alternatives like cryptoloop or loop-AES due to advantages in security and performance. It provides steps to install required packages, create the layered devices using RAID and encryption, and mount the encrypted filesystem for use.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Ubuntu Hacks: Virtual Virtual Devices: Encrypted RAID

    Uploaded by

    sexyhackerboy
    17 views15 pages
    This document summarizes a presentation about using the Linux device mapper framework to create layered virtual devices. The device mapper allows arbitrary features like encryption to be added to block devices. It describes how to use the cryptsetup module to encrypt a RAID device, creating an encrypted virtual block device. The presentation recommends encrypting with dm-crypt rather than older alternatives like cryptoloop or loop-AES due to advantages in security and performance. It provides steps to install required packages, create the layered devices using RAID and encryption, and mount the encrypted filesystem for use.

    Original Description:

    Original Title

    20060726-OSCON-VirtualVirtualDevices

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a presentation about using the Linux device mapper framework to create layered virtual devices. The device mapper allows arbitrary features like encryption to be added to block devices. It describes how to use the cryptsetup module to encrypt a RAID device, creating an encrypted virtual block device. The presentation recommends encrypting with dm-crypt rather than older alternatives like cryptoloop or loop-AES due to advantages in security and performance. It provides steps to install required packages, create the layered devices using RAID and encryption, and mount the encrypted filesystem for use.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    17 views15 pages

    Ubuntu Hacks: Virtual Virtual Devices: Encrypted RAID

    Uploaded by

    sexyhackerboy
    This document summarizes a presentation about using the Linux device mapper framework to create layered virtual devices. The device mapper allows arbitrary features like encryption to be added to block devices. It describes how to use the cryptsetup module to encrypt a RAID device, creating an encrypted virtual block device. The presentation recommends encrypting with dm-crypt rather than older alternatives like cryptoloop or loop-AES due to advantages in security and performance. It provides steps to install required packages, create the layered devices using RAID and encryption, and mount the encrypted filesystem for use.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 15

    Ubuntu Hacks

    Virtual Virtual Devices:


    Encrypted RAID
    Jonathan Oxer

    OSCON
    July 26th, 2006
    Device Mapper
    New feature in 2.6 kernel to layer arbitrary features
    on top of block devices


    Snapshotting

    Backups

    Redirection

    Encryption

    Jonathan Oxer
    Device Mapper Modules
    Modules use the device-mapper framework to
    implement specific functionality:


    “dmraid” for software RAID

    “cryptsetup” for block device encryption

    Jonathan Oxer
    Alternative Systems
    Cryptoloop and loop-AES are older approaches to
    filesystem encryption.

    Cryptoloop has some disadvantages:


    Known plaintext attacks

    Watermark attacks

    loop-AES is slower than dm-crypt and less flexible.

    Jonathan Oxer
    Caveats
    Encrypted filesystems typically write faster than
    they read!

    Absolutely do not forget your password ;-)

    Jonathan Oxer
    Layering Virtual Devices

    Jonathan Oxer
    Layering Virtual Devices

    Jonathan Oxer
    Layering Virtual Devices

    Jonathan Oxer
    Layering Virtual Devices

    Jonathan Oxer
    Layering Virtual Devices

    Jonathan Oxer
    Layering Virtual Devices

    Jonathan Oxer
    Install Required Packages
    Install device-mapper and cryptsetup packages:
    sudo apt­get install cryptsetup

    Jonathan Oxer
    Create The Device Layers

    Create the pair of RAID-0 devices:
    mdadm ­­create /dev/md0 ­­level=0 \
    ­­raid­devices=2 /dev/sda1 /dev/sda2
    mdadm ­­create /dev/md1 ­­level=0 \
    ­­raid­devices=2 /dev/sda3 /dev/sda4

    Use those to create a RAID-1 device:
    mdadm ­­create /dev/md2 ­­level=1 \
    ­­raid­devices=2 /dev/md0 /dev/md1

    Create an encrypted virtual device:
    cryptsetup create usb1 /dev/md2

    Create a filesystem on the virtual device:
    mkfs.ext2 /dev/mapper/usb1

    Finally, mount it:
    mount /dev/mapper/usb1 /mnt/usb1
    Jonathan Oxer
    Layering Virtual Devices

    Jonathan Oxer
    More Information

    These slides are online at:


    jon.oxer.com.au/talks

    Ubuntu Hacks available now:


    www.ubuntuhacks.com

    Thanks for listening!

    Jonathan Oxer

    You might also like